Thursday, May 14, 2015

SSH blocks on 'expecting SSH2_MSG_KEX_DH_GEX_GROUP'

Recently I upgraded one of our servers to CentOS 7. It has access to several networks. With the previous CentOS version, it had SSH access to those networks, but after the upgrade the server was no longer able to connect via SSH.

To troubleshoot the issue, I ran ssh in verbose mode.
#ssh -vvv <Remote server IP> -l <user name>

The session then got stuck at the SSH2_MSG_KEX_DH_GEX_GROUP message.

To briefly explain the network setup: there is an intermediate firewall which controls all the network traffic between those VLANs. I found by googling that the problem is related to packet fragmentation.
By default the network card MTU (maximum transmission unit) is 1500. I then ran the command below to change the MTU of the network card.

#ifconfig <network_device_name> mtu 576 (you can try different MTU values: 1000, 1472, or 567)

Then I tried to ssh from the other network, and it worked. If you want more details, you can refer to the link below.


Cacti web access redirect from http to https

By default Cacti can be accessed over both http and https. For security reasons it is recommended to access Cacti via https only. To enforce that, change the index.php file, which is located in the /usr/share/cacti folder.

So here is a tip on how to deploy this on your Linux machine:

1. Edit the index.php located in Cacti's root folder
#cd /usr/share/cacti
#vi index.php

Copy the PHP code below and insert it at the first line of index.php

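<?php
// Redirect any request that did not arrive on the HTTPS port (443).
if ($_SERVER['SERVER_PORT'] != 443)
{
    $url = "https://" . $_SERVER['SERVER_NAME'] . ":443" . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    exit; // stop here so the rest of index.php is not served over plain http
}
?>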

Then restart the Apache server.
Open Cacti using http://your-server-ip/cacti; this will redirect you to https://your-server-ip/cacti and ask you to verify and confirm the web certificate on first use. Just proceed and complete the process and you are good to go.

Wednesday, May 13, 2015

Secure connection failed accessing Apache 2.4 web server by using Windows 7 machine


Error: When a Windows 7 user tries to access a web site running on an Apache 2.4 web server, the browser shows an SSL "Secure connection failed" error message.

I logged into the server and checked the ssl.conf file, where I found the configuration below.
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
#SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3

By default it has SSL v2 and SSL v3 support disabled. I then enabled SSL v3 support by editing the above line. After the changes it looks like this.

# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
#SSLProtocol all -SSLv2 -SSLv3

Then, with the changes in place, restart the Apache server. It solved the problem.
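
To see which protocol versions each of the two ssl.conf states above leaves enabled, the following added example (not part of the original post) evaluates the active SSLProtocol line: commented lines are ignored, a bare word replaces the set, "+" adds and "-" removes. It assumes `all` expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2, as documented for Apache 2.4 built against OpenSSL 1.0.1 or later, and a single configuration context; the function and constant names are hypothetical.

```python
import re

# Assumption: meaning of "all" for Apache 2.4 built against OpenSSL 1.0.1+.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {name.lower(): name for name in ALL}

def effective_protocols(conf_text):
    """Return the protocol set enabled by the last active SSLProtocol line."""
    enabled = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out directives are inert
            continue
        m = re.match(r"(?i)SSLProtocol\s+(.+)$", line)
        if not m:
            continue
        enabled = set()                        # each directive starts from nothing
        for token in m.group(1).split():
            action, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
            name = name.lower()
            if name == "sslv2":                # 2.4 has no SSLv2; "-SSLv2" is a no-op
                if action != "-":
                    raise ValueError("SSLv2 is not supported by Apache 2.4")
                continue
            if name == "all":
                selected = set(ALL)
            elif name in KNOWN:
                selected = {KNOWN[name]}
            else:
                raise ValueError(f"unknown protocol {token!r}")
            if action == "-":
                enabled -= selected
            elif action == "+":
                enabled |= selected
            else:
                enabled = selected             # bare word replaces the whole set
    return enabled

# The two ssl.conf states shown in the post (descriptive comment lines shortened).
BEFORE = "# SSL Protocol support:\n#SSLProtocol all -SSLv2\nSSLProtocol all -SSLv2 -SSLv3\n"
AFTER = "# SSL Protocol support:\nSSLProtocol all -SSLv2\n#SSLProtocol all -SSLv2 -SSLv3\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        protos = effective_protocols(conf)
        print(label, sorted(protos), "SSLv3 offered:", "SSLv3" in protos)
```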